Information technology services director Mike Harte said the university had been a target of spam emails purporting to be internal emails - which were called ''phish'' emails - for ''several years'', but there had been an increase in attacks over the past two weeks.
''A number of recipients have responded to these emails and, as a result, their email accounts have been compromised,'' Mr Harte said.
In response to the increase in attacks, the university sent all staff an email last week to raise awareness about the issue.
''In this email we remind staff that they should not be asked to confirm their details by email, nor should they be asked to visit a website hosted elsewhere and log in.''
He had a simple message for those who were uncertain if an email was genuine.
''We recommend that if users are suspicious of an email, then they should wait and check with someone else before responding,'' he said.
Once spammers had ''tricked'' a university student or staff member into giving up their login details, they could use them in a number of ways - including selling them on the black market.
''One is to log into library resources. There is a large black market trading in student login credentials for this purpose. This is used by students in countries that do not have the same level of access to teaching resources.
''The second is to take control of an email account. Once they have control and are able to log in, they use the account to send out spam to other sites,'' he said.
Spammers had been sending out ''phish'' emails for a while and, after initially targeting financial organisations, moved on to universities some years ago.
The emails sent to university staff and students varied in how authentic they looked.
''Some of these have been clear forgeries, while others have copied actual university official emails and so have looked, on the surface, to be more believable,'' he said.